Re: Proposed issue; Visibility of Web services from Mark Baker on 2003-07-16 (www-tag@w3.org from July 2003)

From: Mark Baker <distobj@acm.org>
Date: Tue, 15 Jul 2003 22:51:07 -0400
To: Dan Connolly <connolly@w3.org>
Cc: www-tag@w3.org
Message-ID: <20030715225107.Q4241@www.markbaker.ca>

Thanks for the feedback, Dan.

On Tue, Jul 15, 2003 at 10:40:41AM -0500, Dan Connolly wrote:
> On Tue, 2003-05-20 at 12:06, Mark Baker wrote:
> > [...]
> 
> I couldn't support adding this to our issues list because
> it wasn't very clear to me what the issue was. I
> think several other TAG members were in a similar position.

Yes, the minutes seemed pretty clear about that.  I apologize for not
being sufficiently clear.  If it helps, I'll just cut and paste Roy's
definition of visibility here;

"Visibility [...] refers to the ability of a component to monitor or
mediate the interaction between two other components."
 -- http://www.ics.uci.edu/~fielding/pubs/dissertation/net_app_arch.htm#sec_2_3_5 

> I find that stories with concrete examples of following
> or not following principles make things pretty clear
> pretty quickly. I think the scenarios
> in these findings help a lot...
> 
> http://www.w3.org/2001/tag/doc/whenToUseGet-20030509.html#scenarios
> 
> http://www.w3.org/2001/tag/doc/mime-respect.html#scenarios
> 
> So I'd appreciate it if folks would tell stories when
> they request new issues.

I'll give it a try, focusing on one of the issues with poor visibility.
It begs the question, but the story format seems to require that.

John publishes a Web service that exposes some functionality intended
for consumption by third party automata.  It supports the SOAP protocol
over HTTP, and its (non-generic) interface is described with WSDL.

Fred wants to use this service for some work he's doing behind the
firewall of his employer, Large Co.  He downloads the WSDL, generates
some stubs, and integrates those stubs into his application, thereby
integrating his app with the service.  Because he's using HTTP, which
Large Co permits to pass through the firewall from the inside, this
all works.

But then a few weeks later, when the Large Co IT department learns
that a non-publically specified & verified, potentially insecure
application interface is being tunneled through their firewall, they
shut down his system.

Which party is at fault?  John for publishing a Web service?  Fred
for attempting to use it?  The Large Co IT department for deciding to
shut it down?

I believe the answer is that Fred is at fault.  He, in effect, attempted
to bypass the security policies established by his employer, which are
intended to protect the corporate intranet.  In other words, he assumed
that visibility is not important to his IT department, and they
disagree.

MB
-- 
Mark Baker.   Ottawa, Ontario, CANADA.        http://www.markbaker.ca

Received on Tuesday, 15 July 2003 22:45:10 UTC